|
|
|
|
|
FROM node:22-slim |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
RUN apt-get update && apt-get install -y --no-install-recommends \ |
|
|
git openssh-client build-essential python3 python3-pip \ |
|
|
g++ make ca-certificates curl chromium tzdata \ |
|
|
libnss3 libatk1.0-0 libatk-bridge2.0-0 libcups2 libdrm2 \ |
|
|
libxcomposite1 libxdamage1 libxext6 libxfixes3 libxrandr2 \ |
|
|
libgbm1 libasound2 libpangocairo-1.0-0 libpango-1.0-0 \ |
|
|
&& ln -sf /usr/share/zoneinfo/Asia/Shanghai /etc/localtime \ |
|
|
&& echo "Asia/Shanghai" > /etc/timezone \ |
|
|
&& rm -rf /var/lib/apt/lists/* |
|
|
|
|
|
|
|
|
RUN pip3 install --no-cache-dir huggingface_hub --break-system-packages |
|
|
|
|
|
|
|
|
|
|
|
RUN update-ca-certificates && \ |
|
|
git config --global http.sslVerify false && \ |
|
|
git config --global url."https://github.com/".insteadOf ssh://git@github.com/ |
|
|
|
|
|
|
|
|
ENV HOME=/root |
|
|
RUN npm install -g openclaw@latest zod --unsafe-perm |
|
|
|
|
|
|
|
|
ENV PORT=7860 \ |
|
|
OPENCLAW_GATEWAY_MODE=local \ |
|
|
OPENCLAW_BROWSER_PATH=/usr/bin/chromium |
|
|
|
|
|
|
|
|
|
|
|
RUN echo 'import os, sys, tarfile\n\ |
|
|
from huggingface_hub import HfApi, hf_hub_download\n\ |
|
|
from datetime import datetime, timedelta\n\ |
|
|
api = HfApi()\n\ |
|
|
repo_id = os.getenv("HF_DATASET")\n\ |
|
|
token = os.getenv("HF_TOKEN")\n\ |
|
|
\n\ |
|
|
def restore():\n\ |
|
|
try:\n\ |
|
|
print(f"--- [SYNC] 启动恢复流程, 目标仓库: {repo_id} ---")\n\ |
|
|
if repo_id and token:\n\ |
|
|
files = api.list_repo_files(repo_id=repo_id, repo_type="dataset", token=token)\n\ |
|
|
now = datetime.now()\n\ |
|
|
found = False\n\ |
|
|
for i in range(5):\n\ |
|
|
day = (now - timedelta(days=i)).strftime("%Y-%m-%d")\n\ |
|
|
name = f"backup_{day}.tar.gz"\n\ |
|
|
if name in files:\n\ |
|
|
print(f"--- [SYNC] 发现备份文件: {name}, 正在下载... ---")\n\ |
|
|
path = hf_hub_download(repo_id=repo_id, filename=name, repo_type="dataset", token=token)\n\ |
|
|
with tarfile.open(path, "r:gz") as tar: tar.extractall(path="/root/.openclaw/")\n\ |
|
|
print(f"--- [SYNC] 恢复成功! 数据已覆盖至 /root/.openclaw/ ---")\n\ |
|
|
found = True; break\n\ |
|
|
if not found: print("--- [SYNC] 未找到最近 5 天的备份包 ---")\n\ |
|
|
else: print("--- [SYNC] 跳过恢复: 未配置 HF_DATASET 或 HF_TOKEN ---")\n\ |
|
|
\n\ |
|
|
|
|
|
count = 0\n\ |
|
|
for root, _, fs in os.walk("/root/.openclaw/"):\n\ |
|
|
for f in fs:\n\ |
|
|
if f.endswith(".lock"):\n\ |
|
|
try:\n\ |
|
|
os.remove(os.path.join(root, f))\n\ |
|
|
count += 1\n\ |
|
|
except: pass\n\ |
|
|
if count > 0: print(f"--- [SYNC] 已清理 {count} 个残留的锁定文件 ---")\n\ |
|
|
return True\n\ |
|
|
except Exception as e: print(f"--- [SYNC] 恢复异常: {e} ---")\n\ |
|
|
\n\ |
|
|
def backup():\n\ |
|
|
try:\n\ |
|
|
day = datetime.now().strftime("%Y-%m-%d")\n\ |
|
|
name = f"backup_{day}.tar.gz"\n\ |
|
|
print(f"--- [SYNC] 正在执行全量备份: {name} ---")\n\ |
|
|
def lock_filter(tarinfo):\n\ |
|
|
if tarinfo.name.endswith(".lock"): return None\n\ |
|
|
return tarinfo\n\ |
|
|
with tarfile.open(name, "w:gz") as tar:\n\ |
|
|
for target in ["sessions", "workspace", "agents", "memory", "plugins", "openclaw.json"]:\n\ |
|
|
full_path = f"/root/.openclaw/{target}"\n\ |
|
|
if os.path.exists(full_path):\n\ |
|
|
tar.add(full_path, arcname=target, filter=lock_filter)\n\ |
|
|
api.upload_file(path_or_fileobj=name, path_in_repo=name, repo_id=repo_id, repo_type="dataset", token=token)\n\ |
|
|
print(f"--- [SYNC] 备份上传成功! ---")\n\ |
|
|
except Exception as e: print(f"--- [SYNC] 备份失败: {e} ---")\n\ |
|
|
\n\ |
|
|
if __name__ == "__main__":\n\ |
|
|
if len(sys.argv) > 1 and sys.argv[1] == "backup": backup()\n\ |
|
|
else: restore()' > /usr/local/bin/sync.py |
|
|
|
|
|
|
|
|
|
|
|
RUN echo "#!/bin/bash\n\ |
|
|
set -e\n\ |
|
|
mkdir -p /root/.openclaw/sessions\n\ |
|
|
mkdir -p /root/.openclaw/workspace\n\ |
|
|
mkdir -p /root/.openclaw/plugins\n\ |
|
|
mkdir -p /root/.openclaw/agents/main/sessions\n\ |
|
|
mkdir -p /root/.openclaw/credentials\n\ |
|
|
ln -s /root/.openclaw/workspace /root/.openclaw/memory\n\ |
|
|
chmod 700 /root/.openclaw\n\ |
|
|
\n\ |
|
|
# 启动前执行数据恢复\n\ |
|
|
python3 /usr/local/bin/sync.py restore\n\ |
|
|
\n\ |
|
|
# 设置 CLI 认证 Token\n\ |
|
|
export OPENCLAW_GATEWAY_TOKEN=\"\$OPENCLAW_GATEWAY_PASSWORD\"\n\ |
|
|
\n\ |
|
|
# 清理 API Base 地址\n\ |
|
|
CLEAN_BASE=\$(echo \"\$OPENAI_API_BASE\" | sed \"s|/chat/completions||g\" | sed \"s|/v1/|/v1|g\" | sed \"s|/v1\$|/v1|g\")\n\ |
|
|
\n\ |
|
|
# 生成 openclaw.json 配置文件\n\ |
|
|
cat > /root/.openclaw/openclaw.json <<EOF\n\ |
|
|
{\n\ |
|
|
\"models\": {\n\ |
|
|
\"mode\": \"merge\",\n\ |
|
|
\"providers\": {\n\ |
|
|
\"cliproxy\": {\n\ |
|
|
\"baseUrl\": \"\$OPENAI_API_BASE\",\n\ |
|
|
\"apiKey\": \"\$OPENAI_API_KEY\",\n\ |
|
|
\"api\": \"openai-completions\",\n\ |
|
|
\"models\": [\n\ |
|
|
{\"id\": \"gemini-2.5-pro\", \"name\": \"gemini-2.5-pro\", \"contextWindow\": 200000, \"maxTokens\": 8192},\n\ |
|
|
{\"id\": \"gemini-2.5-flash\", \"name\": \"gemini-2.5-flash\", \"contextWindow\": 200000, \"maxTokens\": 8192},\n\ |
|
|
{\"id\": \"gemini-3-flash-preview\", \"name\": \"gemini-3-flash-preview\", \"contextWindow\": 200000, \"maxTokens\": 8192},\n\ |
|
|
{\"id\": \"gemini-3-pro-preview\", \"name\": \"gemini-3-pro-preview\", \"contextWindow\": 200000, \"maxTokens\": 8192}\n\ |
|
|
]\n\ |
|
|
}\n\ |
|
|
}\n\ |
|
|
},\n\ |
|
|
\"agents\": {\n\ |
|
|
\"defaults\": {\n\ |
|
|
\"model\": {\"primary\": \"cliproxy/gemini-3-flash-preview\", \"fallbacks\": [\"cliproxy/gemini-3-pro-preview\"]},\n\ |
|
|
\"workspace\": \"~/.openclaw/workspace\"\n\ |
|
|
}\n\ |
|
|
},\n\ |
|
|
\"gateway\": {\n\ |
|
|
\"mode\": \"local\", \"bind\": \"lan\", \"port\": \$PORT,\n\ |
|
|
\"trustedProxies\": [\"0.0.0.0/0\", \"10.0.0.0/8\", \"172.16.0.0/12\", \"192.168.0.0/16\"],\n\ |
|
|
\"auth\": { \"mode\": \"token\", \"token\": \"\$OPENCLAW_GATEWAY_PASSWORD\" },\n\ |
|
|
\"controlUi\": { \"allowInsecureAuth\": true }\n\ |
|
|
},\n\ |
|
|
\"channels\": {\n\ |
|
|
\"feishu\": {\n\ |
|
|
\"enabled\": \${FEISHU_ENABLED:-false},\n\ |
|
|
\"appId\": \"\$FEISHU_APP_ID\",\n\ |
|
|
\"appSecret\": \"\$FEISHU_APP_SECRET\",\n\ |
|
|
\"domain\": \"\${FEISHU_DOMAIN:-feishu}\",\n\ |
|
|
\"connectionMode\": \"\${FEISHU_CONNECTION_MODE:-websocket}\",\n\ |
|
|
\"dmPolicy\": \"open\",\n\ |
|
|
\"ignoreEvents\": [\"im.message.message_read_v1\", \"im.chat.access_event.bot_p2p_chat_entered_v1\"]\n\ |
|
|
}\n\ |
|
|
}\n\ |
|
|
}\n\ |
|
|
EOF\n\ |
|
|
\n\ |
|
|
# 启动定时备份进程 (每 3 小时执行一次,增强安全性)\n\ |
|
|
(while true; do sleep 10800; python3 /usr/local/bin/sync.py backup; done) &\n\ |
|
|
\n\ |
|
|
# 启动 OpenClaw 网关\n\ |
|
|
openclaw doctor --fix\n\ |
|
|
exec openclaw gateway run --port \$PORT\n\ |
|
|
" > /usr/local/bin/start-openclaw && chmod +x /usr/local/bin/start-openclaw |
|
|
|
|
|
EXPOSE 7860 |
|
|
CMD ["/usr/local/bin/start-openclaw"] |
